Vulnerabilities > Grandingteco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-45391 | Cross-site Scripting vulnerability in Grandingteco Utime Master 9.0.7 A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | 4.8 |
| 2023-10-13 | CVE-2023-45393 | Authorization Bypass Through User-Controlled Key vulnerability in Grandingteco Utime Master 9.0.7 An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | 6.5 |